PoisonedGNN: Backdoor Attack on Graph Neural Networks-Based Hardware Security Systems

Lilas Alrahis, Satwik Patnaik, Muhammad Abdullah Hanif, Muhammad Shafique, Ozgur Sinanoglu

Research output: Contribution to journalArticlepeer-review

Abstract

Graph neural networks (GNNs) have shown great success in detecting intellectual property (IP) piracy and hardware Trojans (HTs). However, the machine learning community has demonstrated that GNNs are susceptible to data poisoning attacks, which result in GNNs performing abnormally on graphs with pre-defined backdoor triggers (realized using crafted subgraphs). Thus, it is imperative to ensure that the adoption of GNNs should not introduce security vulnerabilities in critical security frameworks. Existing backdoor attacks on GNNs generate random subgraphs with specific sizes/densities to act as backdoor triggers. However, for Boolean circuits, backdoor triggers cannot be randomized since the added structures should not affect the functionality of a design. We explore this threat and develop PoisonedGNN as the first backdoor attack on GNNs in the context of hardware design. We design and inject backdoor triggers into the register-transfer-or the gate-level representation of a given design without affecting the functionality to evade some GNN-based detection procedures. To demonstrate the effectiveness of PoisonedGNN, we consider two case studies: (i) Hiding HTs and (ii) IP piracy. Our experiments on TrustHub datasets demonstrate that PoisonedGNN can hide HTs and IP piracy from advanced GNN-based detection platforms with an attack success rate of up to 100%.

Original languageEnglish (US)
Pages (from-to)2822-2834
Number of pages13
JournalIEEE Transactions on Computers
Volume72
Issue number10
DOIs
StatePublished - Oct 1 2023

Keywords

  • Hardware Trojans
  • Hardware security
  • backdoor attacks
  • graph neural networks
  • intellectual property piracy
  • machine learning

ASJC Scopus subject areas

  • Software
  • Theoretical Computer Science
  • Hardware and Architecture
  • Computational Theory and Mathematics

Fingerprint

Dive into the research topics of 'PoisonedGNN: Backdoor Attack on Graph Neural Networks-Based Hardware Security Systems'. Together they form a unique fingerprint.

Cite this